CVE

Id
6240  
CVE No.
CVE-2002-1858  
Status
Candidate  
Description
Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").  
Phase
Assigned (20050629)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
35466 6240 CVE-2002-1858 BUGTRAQ:20020628 wp-02-0002: "WEB-INF" Folder accessible in Multiple Web Application Servers  View
35467 6240 CVE-2002-1858 URL:http://online.securityfocus.com/archive/1/279582  View
35468 6240 CVE-2002-1858 MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt  View
35469 6240 CVE-2002-1858 CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert47rev1.pdf  View
35470 6240 CVE-2002-1858 BID:5119  View
35471 6240 CVE-2002-1858 URL:http://www.securityfocus.com/bid/5119  View
35472 6240 CVE-2002-1858 XF:webinf-dot-file-retrieval(9446)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
64002 JVNDB-2002-000329 Oracle Application Server における WEB-INF ディレクトリ内の情報が漏洩する脆弱性 Oracle 9i Application Server には、特定の環境下において WEB-INF ディレクトリにアクセス可能となるため、HTTP を介して WEB-INF ディレクトリ以下に配置されているファイルの内容を閲覧されてしまう脆弱性が存在します。 CVE-2002-1858 6240 5 http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000329.html  View